[38487] in Kerberos
Re: Master-master deployment?
daemon@ATHENA.MIT.EDU (t Seeger)
Thu Feb 7 05:44:10 2019
From: t Seeger <tseegerkrb@gmail.com>
In-Reply-To: <CAJYMFR7EnWEfiR_nDxO-oECtkjzq2hSC0mfE+x0FRaxTjb4agA@mail.gmail.com>
Date: Thu, 7 Feb 2019 11:43:53 +0100
Message-Id: <D90E23E5-CA89-4849-8545-171C917D1EDE@gmail.com>
To: Yegui Cai <caiyegui@gmail.com>
Cc: kerberos@mit.edu
Hey Yegui,
I have just noticed that the script has a bug and does not run. I uploaded the corrected version (0.13.3).
Greetings
Thor
> On 6. Feb 2019, at 13:56, Yegui Cai <caiyegui@gmail.com> wrote:
>
> Awesome, thanks!
>
>> On Wed, Feb 6, 2019 at 2:32 AM t Seeger <tseegerkrb@gmail.com> wrote:
>> Hey Yegui,
>>
>> You can find the script here https://wp.tntnet.eu/?p=112
>> There is a very short instruction too. Keep in mind that I'm not an LDAP or Kerberos expert. ^^
>>
>> Thor
>>
>>> On 6. Feb 2019, at 03:37, Yegui Cai <caiyegui@gmail.com> wrote:
>>>
>>> Hi Thor
>>> Sure. Can I have a copy of it? I am still pretty new to Kerberos. Your script is definitely helpful.
>>> Thanks a lot!
>>> Yegui
>>>
>>>> On Sat, Feb 2, 2019 at 1:55 PM t Seeger <tseegerkrb@gmail.com> wrote:
>>>> Hey,
>>>>
>>>> My deployment is a multimaster LDAP / Kerberos setup... I made a "script" to install it on Debian/Ubuntu. You can have it if you want... it is for testing.
>>>>
>>>>
>>>> Thor
>>>>
>>>> > On 2. Feb 2019, at 19:48, Benjamin Kaduk <kaduk@mit.edu> wrote:
>>>> >
>>>> > LDAP is the only builtin KDC backend that supports multi-master KDCs at
>>>> > all. (I don't know whether there are any public out-of-tree backends that
>>>> > do so.)
>>>> >
>>>> > So, while you could use the LDAP backend with a single LDAP master and
>>>> > multiple KDC masters, that master LDAP server would be a SPOF.
>>>> >
>>>> > -Ben
>>>> >
>>>> >> On Sat, Feb 02, 2019 at 01:45:44PM -0500, Yegui Cai wrote:
>>>> >> Would it be possible to not leverage ldap for multiple-master deployment?
>>>> >>
>>>> >>> On Sat, Feb 2, 2019 at 1:14 PM Benjamin Kaduk <kaduk@mit.edu> wrote:
>>>> >>>
>>>> >>> Most of the instances I've heard about that use multi-master KDCs also use
>>>> >>> multi-master LDAP replication, to avoid the SPOF.
>>>> >>>
>>>> >>> -Ben
>>>> >>>
>>>> >>>> On Sat, Feb 02, 2019 at 11:12:33AM -0500, Yegui Cai wrote:
>>>> >>>> Hi Thor.
>>>> >>>> So you have a shared ldap? If so, could that ldap be a single point of
>>>> >>>> failure?
>>>> >>>>
>>>> >>>> Thanks,
>>>> >>>> Yegui
>>>> >>>>
>>>> >>>>> On Sat, Feb 2, 2019 at 11:10 AM t Seeger <tseegerkrb@gmail.com> wrote:
>>>> >>>>>
>>>> >>>>> Hey Yegui,
>>>> >>>>>
>>>> >>>>> I use a multi-master setup. For the sync I use OpenLDAP.
>>>> >>>>>
>>>> >>>>> Greeting Thor
>>>> >>>>>
>>>> >>>>> On 2. Feb 2019, at 15:38, Yegui Cai <caiyegui@gmail.com> wrote:
>>>> >>>>>
>>>> >>>>> Hi all.
>>>> >>>>> I know the official document recommends master-slave deployment for
>>>> >>>>> production environment.
>>>> >>>>> Wonder if anyone has tried to do a master-master deployment? If yes, how could you
>>>> >>>>> sync between two masters?
>>>> >>>>> Thanks,
>>>> >>>>> Yegui
>>>> >>>>>
>>>> >>>>> ________________________________________________
>>>> >>>>> Kerberos mailing list Kerberos@mit.edu
>>>> >>>>> https://mailman.mit.edu/mailman/listinfo/kerberos
>>>> >>>>>
>>>> >>>>>